On Tue, 26 Jul 2011 11:52:27 +0200, Didier Raboud wrote:
As Martin mentionned in the 633870 bugreport, CVE-2011-2684 "could"
be fixed
in a fixed point release.
The proposed debdiff for squeeze is attached (the fix was uploaded to
unstable already and given the non-severe nature if this bug I don't
think an upload to testing is worth.
Probably not, no.
What do you think ? (And would a fix to lenny be needed ?)
Looking at the patch:
++NEWPWD=`mktemp --tmpdir --directory foo2zjs.XXXXXX`
++cd "$NEWPWD"
What happens if mktemp fails? The script in question appears to be
neither -e nor -u, so afaics there's the possibility for the code
following the above snippet to be run in whatever happens to be the
current directory when the script is run.
Regards,
Adam
--
To UNSUBSCRIBE, email to debian-printing-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/73da4f47edc73ebbd2c86c998bdf1...@adsl.funky-badger.org
